Lesson 3 - Installing Active Directory


How to install Active Directory in Windows Server 2012

Organizations in every sector (telecom, IT, banking, healthcare) that operate in a distributed
environment need to manage and organize their servers, user accounts, security policies and,
above all, business processes effectively in order to succeed. This creates the need for a
centralized and secure administration mechanism.

Active Directory (AD) is one such automated mechanism. It provides a centralized solution for
managing servers and users, verifies the identity of users and authorizes resources on each
access. For example, whenever a user logs into a computer that is part of a Windows domain,
Active Directory verifies the password submitted by the user and determines the user's identity
accordingly, i.e. a system administrator or a normal user. AD is an umbrella of different
identity-related services.

Active Directory
Active Directory (AD) is a Microsoft technology used to manage computers and other devices
on a network. It is a primary feature of Windows Server, an operating system that runs both
local and Internet-based servers.

Active Directory allows network administrators to create and manage domains, users, and
objects within a network. For example, an admin can create a group of users and give them
specific access privileges to certain directories on the server. As a network grows, Active
Directory provides a way to organize a large number of users into logical groups and
subgroups, while providing access control at each level.

The Active Directory structure includes three main tiers:

1) domains,
2) trees, and
3) forests.

Several objects (users or devices) that all use the same database may be grouped into a single
domain. Multiple domains can be combined into a single group called a tree. Multiple trees
may be grouped into a collection called a forest. Each one of these levels can be assigned
specific access rights and communication privileges.

Active Directory provides several different services, which fall under the umbrella of "Active
Directory Domain Services," or AD DS. These services include:

Domain Services – stores centralized data and manages communication between users and
domains; includes login authentication and search functionality

Certificate Services – creates, distributes, and manages secure certificates

Lightweight Directory Services – supports directory-enabled applications using the open
LDAP (Lightweight Directory Access Protocol) protocol

Directory Federation Services – provides single sign-on (SSO) to authenticate a user in
multiple web applications in a single session

Rights Management – protects copyrighted information by preventing unauthorized use and
distribution of digital content

AD DS is included with Windows Server and is designed to manage client systems. While
systems running the regular version of Windows do not have the administrative features of AD
DS, they do support Active Directory. This means any Windows computer can connect to a
Windows workgroup, provided the user has the correct login credentials.

Within Active Directory, AD DS (Active Directory Domain Services) is Microsoft's directory
server. It allows management and storage, at the admin level, of information about the
resources on a network, and it provides authentication and authorization mechanisms and a
framework to deploy other related services (AD Certificate Services, AD Federated Services, etc.).

A server running AD DS is called a domain controller.

Thus, Active Directory is an important tool that enables an organization to manage its network
resources efficiently.

How to install Active Directory in Windows Server 2012?

Active Directory can be installed in Windows Server 2012 via two methods:

1. Install AD DS by using Server Manager, the Graphical User Interface (GUI).
2. Install AD DS by using Windows PowerShell, the Command Line Interface (CLI).

Let's walk through both methods of installing Active Directory on Windows Server 2012 and
adding a domain in a new forest.

1. Graphical installation via Server Manager:

 Log in to your server as the administrator user.
 Open Server Manager from the task bar.
 Select and click on Add roles and features from the Server Manager dashboard. This opens
the Add Roles and Features Wizard page, which allows modifications to be performed on the
Windows Server 2012 instance.
 Click Next to proceed.
 Select the Role-based or feature-based installation option and click on Next.
 Click on the Server Selection tab, select the option Select a server from the server pool
and select the server name. Click on Next to proceed to the next tab, Server Roles.
 Now select Active Directory Domain Services from the Server Roles page.
 Clicking on AD DS opens a window explaining the additional features that are required to
install Active Directory Domain Services.
[You can see a few required components selected by the installation.]
Click on Add Features.
 Review the features and select them. Once done, click on Next.
 Now click on the AD DS tab and review the information about AD DS on the current page.
Click on Next.
 Click on Install to initiate the installation.
 The AD DS installation progress is displayed on the screen and, once it is installed, AD DS
is displayed on the landing page of Server Manager. Once the installation is done, click on
the Close button.

NB: After the installation of AD DS, promote this server to a domain controller.

A domain controller is the server running Active Directory; domain controllers are typically
referred to as DCs. A domain controller is a server based on MS Windows Server 200X which is
responsible for allowing host access to domain resources. A domain controller authenticates the
users and the computers to join the domain.

Benefits of Domain Controller

 Centralized user management
 Enables resource sharing for files and printers
 Federated configuration for redundancy (FSMO: Flexible Single Master Operations)
 Can be distributed and replicated across large networks
 Encryption of user data
 Can be hardened and locked down for improved security

Limitations of Domain Controller

 Target for cyberattack
 Potential to be hacked
 Users and OS must be maintained to be stable, secure and up-to-date
 Network is dependent on DC uptime
 Hardware/software requirements

Procedure to promote server to Domain Controller (DC)

 Open Server Manager from the task bar. In Server Manager you will see a yellow icon at the
top of the screen. Click on this icon and click on the option Promote this server to a
domain controller.
 Select the Add a new forest option from the Deployment Configuration tab. Now insert your
root domain name into the Root domain name field. (Here I have used znetlive.com).
Click on Next.
 Enter the DSRM (Directory Services Restore Mode) password and confirm it. This password is
used during the restoration of Active Directory. Click on Next.
 Click on Next.
 Verify and enter the NetBIOS name of the domain. Click on Next.
 Here you can see the location of your Active Directory database and log folders. Click on
Next.
 Review the options and click on Next.
 The system checks all the prerequisites before moving forward. Once this check is done,
click on Install.
 Congratulations! Installation of Active Directory completes here.

2. Active Directory installation via PowerShell CLI:

PowerShell, or the command line, is a powerful tool for installing and managing Windows
components and for automating tasks. Instead of using the Windows GUI for administration, use
the Command Line Interface to install and configure Active Directory.

1. The following command installs the Active Directory Domain Services role:

Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools

2. Import the AD DS module into the PowerShell session:
[To improve server performance, the Windows installer does not install all commands and
modules during OS installation.]
To continue the AD installation and configuration, we need the AD DS Deployment module.
Use the command:

Import-Module ADDSDeployment

3. Install a new Active Directory with the domain name znetlive.com:

# Win2012R2 functional levels require Windows Server 2012 R2; on Windows Server 2012 use Win2012.
Install-ADDSForest `
    -CreateDnsDelegation:$false `
    -DatabasePath "C:\Windows\NTDS" `
    -DomainMode "Win2012R2" `
    -DomainName "znetlive.com" `
    -DomainNetbiosName "ZNET" `
    -ForestMode "Win2012R2" `
    -InstallDns:$true `
    -LogPath "C:\Windows\NTDS" `
    -NoRebootOnCompletion:$false `
    -SysvolPath "C:\Windows\SYSVOL" `
    -Force:$true

(The domain name and NetBIOS name can be replaced with your own domain name.)

Once installation is complete, it will ask for the Active Directory recovery password. Remember
this password, as it will be used to recover Active Directory in case of any disaster.
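
The CLI procedure above with the prerequisite check and the DSRM password handling made explicit, as an added example that is not part of the original lesson. It assumes an elevated PowerShell session on a server where the AD-Domain-Services role is already installed; Get-PlainText is a helper defined here, and Test-ADDSForestInstallation is the ADDSDeployment cmdlet that runs the prerequisite checks without promoting the server.

```powershell
# Added example, not from the original lesson.
Import-Module ADDSDeployment

# Settings from the lesson's example; replace the domain names with your own.
$forest = @{
    DomainName          = 'znetlive.com'
    DomainNetbiosName   = 'ZNET'
    DomainMode          = 'Win2012R2'   # use 'Win2012' on Windows Server 2012 (non-R2)
    ForestMode          = 'Win2012R2'
    InstallDns          = $true
    CreateDnsDelegation = $false
    DatabasePath        = 'C:\Windows\NTDS'
    LogPath             = 'C:\Windows\NTDS'
    SysvolPath          = 'C:\Windows\SYSVOL'
}

# Helper (defined here): unwrap a SecureString only to compare the two entries.
function Get-PlainText([securestring]$Secure) {
    (New-Object System.Management.Automation.PSCredential 'dsrm', $Secure).
        GetNetworkCredential().Password
}

# Prompt for the DSRM password twice so that it never appears in the script,
# the command line or the PowerShell history, and a typo is caught now rather
# than during a restore.
$dsrm    = Read-Host -AsSecureString -Prompt 'DSRM password'
$confirm = Read-Host -AsSecureString -Prompt 'Confirm DSRM password'
if ($dsrm.Length -eq 0) { throw 'The DSRM password must not be empty.' }
if ((Get-PlainText $dsrm) -cne (Get-PlainText $confirm)) {
    throw 'The DSRM passwords do not match.'
}

# Run the prerequisite checks without changing the server.
$checks = Test-ADDSForestInstallation @forest -SafeModeAdministratorPassword $dsrm
$failed = @($checks | Where-Object { $_.Status -ne 'Success' })
if ($failed.Count -gt 0) {
    $failed | Format-List Status, Context, Message
    throw 'Prerequisite check failed; the server was not promoted.'
}

# Promote the server. It reboots on completion, as in the lesson's command.
Install-ADDSForest @forest -SafeModeAdministratorPassword $dsrm `
    -NoRebootOnCompletion:$false -Force:$true
```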
